weekly_vuln_scan.yml
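# Weekly Trivy scan of the published ":main" container image.
# Each run scans whatever the ":main" tag currently points to, so the digest
# printed by the pull step is what ties a given run to a specific build.
name: Scan Main Tag of Docker Image

on:
  schedule:
    - cron: "0 14 * * 1"  # Runs every Monday at 14:00 UTC
  workflow_dispatch:

# Least privilege for GITHUB_TOKEN: this workflow only needs to read the repo.
permissions:
  contents: read

env:
  # Single source of truth for the image under test; both steps read it,
  # so the two copies of the name can no longer drift apart.
  IMAGE_NAME: ghcr.io/genomicdatainfrastructure/gdi-userportal-frontend:main

jobs:
  vulnerability-scan:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout Repository
        # TODO(review): pin to a commit SHA, as the ORT action below already is,
        # so a moved tag cannot change what this workflow runs.
        uses: actions/checkout@v4
      # Uncomment the following lines to enable the ORT job when needed
      # - uses: oss-review-toolkit/ort-ci-github-action@7f23c1f8d169dad430e41df223d3b8409c7a156e
      #   with:
      #     allow-dynamic-versions: "true"
      #     fail-on: "issues"
      #     run: "cache-dependencies,cache-scan-results,labels,analyzer,evaluator,advisor,reporter,upload-results"
      - name: Pull the Docker Image
        run: |
          set -euo pipefail
          docker pull "$IMAGE_NAME"
          echo "Docker image pulled: $IMAGE_NAME"
          # Log the resolved digest so the run records exactly which build was scanned.
          docker image inspect --format '{{index .RepoDigests 0}}' "$IMAGE_NAME"
      - name: Scan the Docker Image with Trivy
        # The Docker socket is mounted so Trivy scans the image pulled above
        # instead of re-fetching the tag from the registry (which could have
        # moved between the two steps). The scanner itself still runs from
        # ":latest"; pin it to a release tag or digest for reproducible results.
        run: |
          set -euo pipefail
          docker run --rm \
            -v /var/run/docker.sock:/var/run/docker.sock \
            aquasec/trivy:latest image --severity CRITICAL,HIGH --exit-code 1 "$IMAGE_NAME"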